CVE-2026-31431: “Copy Fail,” the Nine-Year-Old Linux Bug Introduced in 2017

ID: 045628d0-a442-5bbd-8938-fd91cd675387

STIX ID: report--045628d0-a442-5bbd-8938-fd91cd675387

Feed Name: SOCRadar Blog

Threat Score: 90/100

Date Published: 2026-04-30

Date Updated: 2026-05-03

Author: Ameer Owda

**Copy Fail (CVE-2026-31431)** is a critical nine-year-old Linux kernel vulnerability that enables reliable local privilege escalation and container escape by using AF_ALG and splice() to write into the page cache of readable files. A 732-byte Python script reproduces the exploit. The bug affects mainstream kernels shipped since 2017 and allows attackers to gain root without leaving on-disk traces. Applying the patch (mainline commit a664bf3d603d) and the mitigations (disabling algif_aead, seccomp filters, behavioral telemetry) is recommended immediately.
